New Oxymoron: Data Security

When it comes to data, there is no security. Government and private data bases in every state continue to lose valuable information. The numbers are staggering. For example, on October 2, 2009 the U.S. Military Veterans Agency compromised the Social Security numbers of 76 million veterans dating back to 1972.

The Privacy Rights Clearinghouse website found at www.privacyrights.org has been publishing a Chronology of Data Breaches since its inception in January 2005. The clearinghouse chronology publishes the date, name of entity, location, breach description, and the number of records (identities of people in the US).

To say that Identity Theft continues to spiral out of control may be an understatement when you actually examine the numbers. For example, on October 2, 2008 the grand total of this chronology was 245,028,235. The description to the left of the grand total states in bold lettering, “TOTAL number of records containing sensitive personal information involved in security breaches in the U.S. since January 2005.” One year later, on October 2, 2009 this grand total had grown to 339,674,601. We are talking about non-public, personally-identifying information on real US citizens. This increase, recorded in just one year, is over 94 million. This does not count the “unknowns.” For accuracy sake, the clearinghouse does not add breaches with unconfirmed numbers, although it may comment (i.e. 1000’s). During this span of one year there were 67 unknowns out of 250 security breaches. Since the numbered breaches only account for 73 percent of the problem, then that leaves 27 percent unaccounted for. Therefore, the problem being caused by security breaches is actually much worse.

It is also difficult to determine how many duplicate identities may have occurred at different locations. The U.S. population clock count on www.census.gov calculates 307,690,749 U.S. citizens as of October 14, 2009. The 2009 data breach grand total is over 20 million greater than the Census Bureau count. Keep in mind there were data breaches prior to January 2005 when Privacy Rights began its chronology. The numbers may be somewhat inaccurate, but there is one thing we can say with absolute certainty, “Houston, we have a problem!”

Big-time identity theft rings are not dumpster diving anymore for identities. They are getting their information in massive chunks from various sources worldwide. USATODAY made a very bold statement on October 11, 2006 – “Identity Theft is poised to increase by a factor of 20 over the next two years. The criminals are still trying to figure out what to do with all the data.”

Perhaps it is safer to assume that our identities have already been compromised.